Re: [Qemu-devel] [PATCH 1/3] arm: check bit index before use

Paolo Bonzini Fri, 26 Oct 2018 02:34:43 -0700

On 22/10/2018 14:09, P J P wrote:
> From: Prasad J Pandit <p...@fedoraproject.org>
> 
> While performing gpio write via strongarm_gpio_handler_update
> routine, the 'bit' index could access beyond s->handler[28] array.
> Add check to avoid OOB access.
> 
> Reported-by: Moguofang <moguof...@huawei.com>
> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
> ---
>  hw/arm/strongarm.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/arm/strongarm.c b/hw/arm/strongarm.c
> index ec2627374d..3dda75feaf 100644
> --- a/hw/arm/strongarm.c
> +++ b/hw/arm/strongarm.c
> @@ -532,7 +532,9 @@ static void 
> strongarm_gpio_handler_update(StrongARMGPIOInfo *s)
>  
>      for (diff = s->prev_level ^ level; diff; diff ^= 1 << bit) {
>          bit = ctz32(diff);
> -        qemu_set_irq(s->handler[bit], (level >> bit) & 1);
> +        if (bit < sizeof(s->handler) / sizeof(s->handler[0])) {
> +            qemu_set_irq(s->handler[bit], (level >> bit) & 1);
> +        }
>      }
>  
>      s->prev_level = level;
>


This is correct, but please use ARRAY_SIZE(s->handler).

Paolo

Re: [Qemu-devel] [PATCH 1/3] arm: check bit index before use

Reply via email to